Next Hop Routes

A Next Hop Route (NHR) is used to route a subnet through another hop. They are usually used to route a subnet through a LAN subnet where the Next Hop IP is the router to send that traffic to. The Next Hop IP must be in a LAN or WAN subnet configured on the Ecessa. The Source Network and Destination Network can be used by themselves or in combination to identify traffic to send to the Next Hop IP. The Routed Via can be used to select a WAN that traffic should traverse without NAT.

Next Hop Route Example

This example will use the configuration depicted in the following diagram. The Ecessa’s LAN is configured as 192.168.1.57/24 and the firewall’s external interface is 192.168.1.58/24. Behind the firewall are two internal networks; 192.168.0.0/24 and 192.168.100.0/24.

In this example the Ecessa device is not aware of the two internal networks and does not know how to reach them. If direct communication with the internal 192.168.100.0/24 network was needed a Next Hop Route would tell the Ecessa device how to reach that network. In this example the traffic destined for the 192.168.100.0/24 network must be sent to the firewall’s external address of 192.168.1.58 which is something the Ecessa device can reach. The Next Hop Route to accomplish this is in the following diagram.

The Source Network being 0.0.0.0/0 means that the traffic can originate from anywhere. The Destination Network is the traffic that will be sent to the Next Hop IP. The Next Hop IP is an address within a LAN or WAN configured on the Ecessa device that is able to reach the Destination Network.

Limitations

Next Hop Routes can only have a maximum of 32 source based routes. Routes with a Source Network of Anywhere do not count towards this limit. Each network in an alias will count as one route so, for example, a single Next Hop Route entry that uses an alias containing more than 32 entries in the Source Network field would not be allowed. If this limit is reached a Static Routecan often be used instead. To create a Static Route that behaves like a Next Hop Route enter the Next Hop IP in the Route(s) field of the Static Route.